CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2021-24036

CVSS 9.8v3.1pub. 2021-07-23upd. 2024-11-21

Passing an attacker controlled size when creating an IOBuf could cause integer overflow, leading to an out of bounds write on the heap with the possibility of remote code execution. This issue affects versions of folly prior to v2021.07.22.00. This issue affects HHVM versions prior to 4.80.5, all versions between 4.81.0 and 4.102.1, all versions between 4.103.0 and 4.113.0, and versions 4.114.0, 4.115.0, 4.116.0, 4.117.0, 4.118.0 and 4.118.1.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Facebook Folly

    APP
    Facebook
    < 2021.07.22.00
  • Facebook Hhvm

    APP
    Facebook
    4.114.04.115.04.116.04.117.04.118.04.118.14.81.0 – 4.102.1< 4.80.54.103.0 – 4.113.0
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2022-36937CRITICAL9.8ten sam produkt

HHVM 4.172.0 and all prior versions use TLS 1.0 for secure connections when handling tls:// URLs in the stream...

CVE-2020-1900CRITICAL9.8ten sam produkt

When unserializing an object with dynamic properties HHVM needs to pre-reserve the full size of the dynamic pr...

CVE-2021-24025CRITICAL9.8ten sam produkt

Due to incorrect string size calculations inside the preg_quote function, a large input string passed to the f...

CVE-2020-1916CRITICAL9.8ten sam produkt

An incorrect size calculation in ldap_escape may lead to an integer overflow when overly long input is passed ...

CVE-2020-1917CRITICAL9.8ten sam produkt

xbuf_format_converter, used as part of exif_read_data, was appending a terminating null character to the gener...